SWIFT warns banks of newly discovered cyber-heists

Aug 31, 2016 13:29 GMT  ·  By

SWIFT, the operator of the eponymous financial transaction system used to move money between banks, has announced it discovered new cyber-heists that leveraged its system to steal money from banks across the globe.

The company has not disclosed the name of the banks due to its privacy agreements, but it has said the attacks are new and have taken place since June this year.

This piece of information was obtained by a Reuters reporter who received a copy of a letter that SWIFT sent banks across the globe, informing them of the new attacks and urging them to boost their security measures.

SWIFT-related incidents continue to mount up

The first bank cyber-heist that leveraged the SWIFT system was discovered this February, when unknown crooks managed to steal $81 million from the Bangladesh central bank.

In May, two new attacks surfaced, both having taken place in late 2015. Hackers managed to steal $12 million from Ecuador's Banco del Austro and attempted to take $1.36 million from Vietnam's Tien Phong Bank. The latter attack failed.

Other attacks also targeted the SWIFT system used by the Philippines' central bank and an unnamed bank in New Zealand, which also failed.

In June, Ukrainian authorities announced that an unnamed bank lost $10 million after intruders penetrated its network and used the SWIFT system to transfer money out of its accounts.

SWIFT has been trying to convince banks to boost security measures

All cyber-heists followed the same patterns. Hackers breached the bank's normal IT network used for day-to-day operations, searched for the SWIFT system, collected SWIFT credentials from bank employees, and then attempted to move money out of the bank's accounts to their own.

SWIFT is well aware of the issue and has been on a crusade to convince banks to upgrade their IT systems, as well as to use the latest version of its software.

Since SWIFT is only a software maker, it cannot force any of the financial institutions to deploy better security on their networks. Still, Reuters states that the letter SWIFT sent out included a November 19 deadline for banks to upgrade their systems. SWIFT said it would report banks that fail to protect themselves and their clients to regulators and fellow financial partners.